<!doctype html>
<html lang="en">

<head>
	<meta charset="utf-8">

	<title>Markdown slide</title>

	<meta name="description" content="A framework for easily creating beautiful presentations using HTML">
	<meta name="author" content="Hakim El Hattab">

	<meta name="apple-mobile-web-app-capable" content="yes">
	<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">

	<meta name="viewport" content="width=device-width, initial-scale=1.0">

	<link rel="stylesheet" href="libs/reveal.js/4.1.3/reset.css">
	<link rel="stylesheet" href="libs/reveal.js/4.1.3/reveal.css">

	
	
	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css">

	  <!-- highlight Theme -->
  	
	  <link rel="stylesheet" href="libs/highlight.js/11.3.1/styles/monokai.min.css">
	
	
		
	<link rel="stylesheet" href="libs/reveal.js/4.1.3/plugin/chalkboard/style.css">
	
	
	
		<link rel="stylesheet" href="libs/reveal.js/4.1.3/plugin/customcontrols/style.css">
	
	<link rel="stylesheet" href="libs/styles/tasklist.css">



  <!-- Revealjs Theme -->
  
  	<link rel="stylesheet" href="libs/reveal.js/4.1.3/theme/beige.css" id="theme">
  
  


  <!-- Revealjs Theme -->
  

 
</head>

<body>
  


  <div class="reveal">

    <!-- Any section element inside of this container is displayed as a slide -->
    <div class="slides">

      


    
        <section >
            
            <style type="text/css">
    p { text-align: left; }
    h2 { text-align: left; }
</style>
            </section>
    



    
    <section>
        <section >
            <h1>1. 漏洞扫描-OpenVAS</h1>

            </section>
        
            <section >
                <h2>1.1. OpenVAS漏洞扫描器</h2>
<ul>
<li>
<p>OpenVAS（Open Vulnerability Assessment System）</p>
</li>
<li>
<p>是开放式漏洞评估系统，其核心部分是一个服务器。</p>
</li>
<li>
<p>该服务器包括一套网络漏洞测试程序，可以检测远程系统和应用程序中的安全问题。</p>
</li>
<li>
<p>该工具是基于C/S（客户端/服务器），B/S（浏览器/服务器）架构进行工作，用户通过浏览器或者专用客户端程序来下达扫描任务，服务器端负载授权，执行扫描操作并提供扫描结果。</p>
</li>
<li>
<p>OpenVAS不同与传统的漏洞扫描软件。</p>
</li>
<li>
<p>所有的OpenVAS软件都是免费的，</p>
</li>
<li>
<p>而且还采用了Nessus（一款强大的网络扫描工具）较早版本的一些开放插件。</p>
</li>
<li>
<p>虽然Nessus很强大，但是该工具不开源，而且免费版的功能又比较局限。</p>
</li>
</ul>

            </section>
        
            <section >
                <h2>1.2. OpenVAS架构</h2>
<p>一套完整的OpenVAS系统包括服务器端和端口端的多个组件，如下图所示：
<img src="http://i.imgur.com/JMVC0OR.png" alt=""></p>

            </section>
        
            <section >
                <h3>1.2.1. 服务器层组件（建议全部安装）</h3>
<ul>
<li>
<p>openvas-scanner（扫描器）：负责调用各种漏洞检测插件，完成实际的扫描操作。</p>
</li>
<li>
<p>openvas-manager（管理器）：负责分配扫描任务，并根据扫描结果生产评估报告。</p>
</li>
<li>
<p>openvas-administrator（管理者）：负责管理配置信息，用户授权等相关工作。</p>
</li>
</ul>

            </section>
        
            <section >
                <h3>1.2.2. 客户层组件（任选其一即可）</h3>
<ul>
<li>
<p>openvas-cli（命令行接口）：负责提供从命令行访问OpenVAS服务层程序。</p>
</li>
<li>
<p>greenbone-security-assistant（安装助手）：负责提供访问OpenVAS服务层的Web接口，便于通过浏览器来建立扫描任务，是使用最简便的客户层组件。</p>
</li>
<li>
<p>Greenbone-Desktop-Suite（桌面套件）：负责提供访问OpenVAS服务层的图形程序界面，主要允许在Windows客户机中。</p>
</li>
</ul>
<p>P.S.OpenVAS服务器端仅支持安装Linux操作系统中。但是，客户端安装在Windows和Linux系统均可。</p>

            </section>
        
            <section >
                <h2>1.3. KALI LINUX配置过程</h2>
<h3>1.3.1. 安装OpenVAS</h3>
<p>Kali Linux系统中已经默认安装了OpenVAS，用户可以直接使用。</p>
<p>如果发现自己系统中安装的OpenVAS不是最新版本的话，可以通过以下方法安装最新版的OpenVAS工具。</p>
<p>具体方法如下所示：</p>
<pre><code class="language-sh">
（1）更新软件包列表。

    # apt-get update


执行以上命令后，获取最近的软件包列表。

（2）获取到最新的软件包。

    # apt-get dist-upgrade

执行以上命令后，对有更新的包进行下载并安装。

（3）重新安装OpenVAS工具。

    # apt-get install openvas
</code></pre>
<p>执行以上命令后，如果没有报错，则说明已成功安装OpenVAS工具。</p>

            </section>
        
            <section >
                <h3>1.3.2. 配置OpenVAS服务</h3>
<p>2016.08.21在Kali上实测有效(wildlinux)</p>
<p>安装完以后，我就是重复运行openvas-check-setup，每次根据提示来进行下一步操作，</p>
<pre><code class="language-sh">	root@KaliYL:~# openvas-check-setup
	...略去几十行...
	ERROR: The NVT collection is very small.
    FIX: Run a synchronization script like openvas-nvt-sync or greenbone-nvt-sync.
    
    根据提示，就需要运行如下指令：
    root@KaliYL:~#openvas-nvt-sync
</code></pre>

            </section>
        
            <section >
                <p>实际进行的操作有如下：</p>
<pre><code class="language-sh">	1. openvas-mkcert	生成服务员端证书
	2. openvas-nvt-sync  同步漏洞库
	3. openvas-mkcert-client -n -i	生成客户端证书
	4. openvassd	启动扫描器
	5. openvasmd --rebuild	生成数据库
	6. openvasmd --create-user=admin --role=Admin &amp;&amp; openvasmd --user=admin --new-password=admin	创建用户
	7. openvas-scapdata-sync	同步SCAP数据
	8. openvas-certdata-sync	同步证书数据
	9. openvasmd	启动管理器
	10. gsad	启动Greenbone
	记住，基本上面每一条指令输完，都运行一次openvas-check-setup,然后你就会知道，下一条该运行什么。
</code></pre>
<p>以下为运行结果，可以看到各服务使用的端口，其中gsad是9392：</p>

            </section>
        
            <section >
                <pre><code class="language-sh">	root@KaliYL:~# netstat -aptn
	Active Internet connections (servers and established)
	Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
	tcp        0      0 0.0.0.0:9391            0.0.0.0:*               LISTEN      9099/openvassd: Wai 
	tcp        0      0 127.0.0.1:9393          0.0.0.0:*               LISTEN      33584/openvassd: Wa  
	tcp6       0      0 :::9390                 :::*                    LISTEN      33211/openvasmd     
	tcp6       0      0 :::9392                 :::*                    LISTEN      33518/gsad          
	root@KaliYL:~# 
</code></pre>

            </section>
        
            <section >
                <pre><code>登陆界面为：https://127.0.0.1:9392

登陆用户为上而第六步创建admin，密码admin

系统重启后，所有服务自动启动，不需要手工启动。可使用netstat -aptn确认。

官方安装参考：(https://www.kali.org/penetration-testing/openvas-vulnerability-scanning/)
</code></pre>
<p>以检测同一网段上的XP虚拟机为例：</p>
<p>获取到XP的IP地址为192.168.64.138</p>

            </section>
        
            <section >
                <p>在kali的终端中确保ping通,登陆后在扫描框中输入192.168.64.138，开始扫描。
接下来会有近1分钟的时间，可以看见进度条从0%到100%的变化
<img src="http://i.imgur.com/55PBJoY.jpg" alt=""></p>

            </section>
        
            <section >
                <p>查看报告及详细信息
<img src="http://i.imgur.com/ghO99Np.jpg" alt="">
<img src="http://i.imgur.com/2z37BgU.jpg" alt="">
发现有3个高危漏洞，5个中等漏洞。</p>

            </section>
        
            <section >
                <p>点击Details按钮，可以查看该份报告的详细内容
<img src="http://i.imgur.com/1Qhb9SW.jpg" alt="">
第一列是各个漏洞的名称，点击可以查看详细信息
<img src="http://i.imgur.com/ohiZqX0.jpg" alt=""></p>
<p>以上就是在kali中安装、使用OpenVAS的全过程。</p>

            </section>
        
            <section >
                <h2>1.4. 四、使用OpenVAS——GSA</h2>
<p>当需要将OpenVAS与网络上其他测试小组成员共享，可以使用B/S架构的客户端程序GSA。</p>
<h3>1.4.1. 首先应启动GSA服务</h3>
<p><img src="http://i.imgur.com/ieWGMct.jpg" alt=""></p>
<h3>1.4.2. 在浏览器中输入http://localhost:访问GSA</h3>
<p><img src="http://i.imgur.com/wPWQ1XV.jpg" alt=""></p>
<h3>1.4.3. 创建OpenVAS扫描目标</h3>
<p><img src="http://i.imgur.com/1HNBiKT.jpg" alt=""></p>
<h3>1.4.4. 创建OpenVAS扫描任务</h3>
<p><img src="http://i.imgur.com/4ZGl3DC.jpg" alt=""></p>
<h3>1.4.5. 启动OpenVAS扫描任务并查看扫描进度</h3>
<p><img src="http://i.imgur.com/wncjbEQ.jpg" alt=""></p>
<h3>1.4.6. 查看OpenVAS扫描报告</h3>
<p><img src="http://i.imgur.com/5qegH0I.jpg" alt=""></p>
<p>问题：不知这里为何扫描结果均为0</p>
<h2>1.5. 五、漏洞信息搜索与漏洞修复</h2>
<p>在用OpenVAS搜索完漏洞后，可以看到漏洞名称以及编码。可以从以下几个网站搜索相关信息：</p>
<p>中国国家信息安全漏洞库：<a href="http://www.cnnvd.org.cn/vulnerability">http://www.cnnvd.org.cn/vulnerability</a>
<img src="http://i.imgur.com/ZCcKjFY.jpg" alt=""></p>
<p>CVE通用漏洞列表：<a href="http://cve.mitre.org/">http://cve.mitre.org/</a>
<img src="http://i.imgur.com/gyrbOBb.jpg" alt=""></p>
<p>NVD美国国家信息安全漏洞库：<a href="https://nvd.nist.gov/">https://nvd.nist.gov/</a></p>
<p><img src="http://i.imgur.com/1VQvnaF.jpg" alt=""></p>
<p>在以上网站中输入漏洞编号，即可查询相关信息以及修复方法。</p>
<p>下面，以上文提到的扫描同一网段的xp系统为例，搜索扫描到的漏洞的相关信息。
<img src="http://i.imgur.com/rw0HaMp.jpg" alt="">
如上图所示，漏洞编码为CVE-2008-4114, CVE-2008-4834, CVE-2008-4835
登录NVD、中国国家信息安全漏洞库等网站查找漏洞信息及解决方式。</p>
<h3>1.5.1. CVE–</h3>
<p>在NVD中输入编号，查询到如下信息：
<img src="http://i.imgur.com/mL3TKmp.jpg" alt=""></p>
<p><img src="http://i.imgur.com/4TKbjai.jpg" alt=""></p>
<p>如上所示，修复漏洞的方法有：
使用BUGTRAQ的20080914 Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS、SECTRACK的1020887、OVAL的 oval:org.mitre.oval:def:6044等外源，在下方附上了超链接。</p>
<p><img src="http://i.imgur.com/62Aglq2.jpg" alt=""></p>
<p>还可以查看影响效果分数、开发度分数、CVSS环境评分等分数。</p>
<h3>1.5.2. CVE–</h3>
<p><img src="http://i.imgur.com/hsM2PF8.jpg" alt=""></p>
<p>解决办法：MS的MS09-001、BUGTRAQ的20090113 ZDI-09-001: Microsoft SMB NT Trans Request Parsing Remote Code Execution Vulnerability、MISC的http://www.zerodayinitiative.com/advisories/ZDI-09-001/等方式。</p>
<h2>1.6. 使用OpenVAS——Metasploit</h2>
<h3>1.6.1. 在MSF终端中输入下面命令载入OpenVAS插件</h3>
<p><img src="http://i.imgur.com/u4xomuT.jpg" alt=""></p>
<h3>1.6.2. 连接到OpenVAS管理引擎（主机IP地址）</h3>
<p><img src="http://i.imgur.com/YegYmUr.jpg" alt=""></p>
<pre><code>msf &gt; openvas_connect admin admin 192.168.64.137 9390 ok
</code></pre>
<h3>1.6.3. 使用openvas_target_create创建一个扫描目标（靶机IP地址）</h3>
<pre><code># openvas_target_create ubuntu1 192.138.64.138 metasploitable
</code></pre>
<h3>1.6.4. 创建扫描任务</h3>
<pre><code># openvas_config_list   //出现现有的扫描策略
# openvas_task_create ubuntu-scan &quot;Scan of Ubuntu Metasploitable&quot; 0 2// 创建扫描任务：openvas_task_create&lt;任务名&gt;&lt;任务备注&gt;&lt;扫描策略ID&gt;&lt;扫描目标ID&gt;
</code></pre>
<h3>1.6.5. 使用openvas_task_start&lt;task_id&gt;启动这个新建的扫描任务</h3>
<pre><code>#openvas_task_start 1
</code></pre>
<p>扫描过程中，使用openvas_task_list查看扫描进度</p>
<pre><code># openvas_task_list
</code></pre>
<h3>1.6.6. 下载扫描报告</h3>
<p>扫描结束后，使用openvas_report_list找到需要下载的扫描报告ID，使用openvas_foemat_list列出可供下载的扫描报告格式，使用openvas_report_download&lt;扫描报告ID&gt;&lt;报告格式ID&gt;&lt;存储路径&gt;&lt;文件名&gt;下载扫描报告。</p>

            </section>
        

    </section>
    


    </div>


  </div>

  	
	<script src="libs/reveal.js/4.1.3/reveal.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/zoom/zoom.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/notes/notes.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/search/search.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/markdown/markdown.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/highlight/highlight.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/menu/menu.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/math/math.js"></script>

	<script src="libs/reveal.js/4.1.3/plugin/fullscreen/plugin.js"></script>
  
  	<script src="libs/reveal.js/4.1.3/plugin/animate/plugin.js"></script>
  	<script src="libs/reveal.js/4.1.3/plugin/animate/svg.min.js"></script>
  
  	<script src="libs/reveal.js/4.1.3/plugin/anything/plugin.js"></script>
	  <script src="libs/reveal.js/4.1.3/plugin/anything/Chart.min.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/anything/d3/d3.v3.min.js"></script>				
	<script src="libs/reveal.js/4.1.3/plugin/anything/d3.patch.js"></script>			
	<script src="libs/reveal.js/4.1.3/plugin/anything/d3/queue.v1.min.js"></script>		
	<script src="libs/reveal.js/4.1.3/plugin/anything/d3/topojson.v1.min.js"></script>		
	<script src="libs/reveal.js/4.1.3/plugin/anything/function-plot.js"></script>

 <!--	<script src="libs/reveal.js/4.1.3/plugin/audio-slideshow/plugin.js"></script>  -->
<!--	<script src="libs/reveal.js/4.1.3/plugin/audio-slideshow/recorder.js"></script>-->
<!--	<script src="libs/reveal.js/4.1.3/plugin/audio-slideshow/RecordRTC.js"></script>-->

<script src="libs/reveal.js/4.1.3/plugin/chalkboard/plugin.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/customcontrols/plugin.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/embed-tweet/plugin.js"></script>

	<script src="libs/reveal.js/4.1.3/plugin/chart/chart.min.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/chart/plugin.js"></script>

  <script>

		const printPlugins = [
			RevealNotes, 
			RevealHighlight,
			RevealMath,
			RevealAnimate,
			RevealChalkboard, 
			RevealEmbedTweet,
			RevealChart,
		];

		const plugins =  [...printPlugins,
		RevealZoom, 
		RevealSearch, 
				RevealMarkdown, 
				RevealMenu, 
				RevealFullscreen,
				RevealAnything,
				//RevealAudioSlideshow,
				//RevealAudioRecorder,
				RevealCustomControls, 
				// poll
				// question
				// seminar
				 ]


		// Also available as an ES module, see:
		// https://revealjs.com/initialization/
		Reveal.initialize({
			controls: true,
			controlsTutorial: true,
			controlsLayout: 'bottom-right',
			controlsBackArrows: 'faded',
			progress: true,
			slideNumber: false,
			//#showSlideNumber "all" "print" "speaker"
			hash: true,//#  hash: false,
			//# respondToHashChanges: true,
			//# history: false,
			keyboard: true,
			//#keyboardCondition: null,
			overview: true,
			center: true,
			touch: true,
			loop: false,
			rtl: false,
			//#navigationMode: 'default', linear grid
			shuffle: false,
			fragments: true,
			fragmentInURL: false,
			embedded: false,
			help: true,
			//#pause: true
			showNotes: false,
			autoPlayMedia: false, // TODO fix this to a nullable value
			//#preloadIframes: null. true false
			//#autoAnimate: true
			//#autoAnimateMatcher: null,
			//#autoAnimateEasing: 'ease',
			//autoAnimateDuration: 1.0,
			//#autoAnimateUnmatched: true
			//#autoAnimateStyles: []
			autoSlide: 0, // TODO fix this to a falseable value
			autoSlideStoppable: true,
			autoSlideMethod: '0',
			defaultTiming: 120,
			mouseWheel: false,
			//#previewLinks: false
			//#postMessage: true,  // TODO : this can cause issues with the vscode api ???
			//#postMessageEvents: false,
			//#focusBodyOnPageVisibilityChange: true,
			transition: 'slide',
			transitionSpeed: 'default',
			backgroundTransition: 'fade',
			//#pdfMaxPagesPerSlide: Number.POSITIVE_INFINITY,
			//#pdfSeparateFragments: true,
			//#pdfPageHeightOffset: -1,
			viewDistance: 3,
			//#mobileViewDistance: 2,
			display: 'block',
			//#hideInactiveCursor: true,
			//#hideCursorTime: 5000

			// Parallax Background
			parallaxBackgroundImage: '',
			parallaxBackgroundSize: '',
			parallaxBackgroundHorizontal: 0,
			parallaxBackgroundVertical: 0,
			
			//Presentation Size
			width: 960,
			height: 700,
			margin: 0.04,
			minScale: 0.2,
			maxScale: 2,
			disableLayout: false,

			audio: {
				prefix: 'audio/', 	// audio files are stored in the "audio" folder
				suffix: '.ogg',		// audio files have the ".ogg" ending
				textToSpeechURL: null,  // the URL to the text to speech converter
				defaultNotes: false, 	// use slide notes as default for the text to speech converter
				defaultText: false, 	// use slide text as default for the text to speech converter
				advance: 0, 		// advance to next slide after given time in milliseconds after audio has played, use negative value to not advance
				autoplay: false,	// automatically start slideshow
				defaultDuration: 5,	// default duration in seconds if no audio is available
				defaultAudios: true,	// try to play audios with names such as audio/1.2.ogg
				playerOpacity: 0.05,	// opacity value of audio player if unfocused
				playerStyle: 'position: fixed; bottom: 4px; left: 25%; width: 50%; height:75px; z-index: 33;', // style used for container of audio controls
				startAtFragment: false, // when moving to a slide, start at the current fragment or at the start of the slide
			},
			
			chalkboard: { // font-awesome.min.css must be available
					//src: "chalkboard/chalkboard.json",
					storage: "chalkboard-demo",
				},
			
			customcontrols: {
					controls: [
      						{
						  id: 'toggle-overview',
						  title: 'Toggle overview (O)',
						  icon: '<i class="fa fa-th"></i>',
						  action: 'Reveal.toggleOverview();'
						}
						,
						{ icon: '<i class="fa fa-pen-square"></i>',
						  title: 'Toggle chalkboard (B)',
						  action: 'RevealChalkboard.toggleChalkboard();'
						},
						{ icon: '<i class="fa fa-pen"></i>',
						  title: 'Toggle notes canvas (C)',
						  action: 'RevealChalkboard.toggleNotesCanvas();'
						}
				]
			},
			chart: {
					defaults: { 
						color: 'lightgray', // color of labels
						scale: { 
							beginAtZero: true, 
							ticks: { stepSize: 1 },
							grid: { color: "lightgray" } , // color of grid lines
						},
					},
					line: { borderColor: [ "rgba(20,220,220,.8)" , "rgba(220,120,120,.8)", "rgba(20,120,220,.8)" ], "borderDash": [ [5,10], [0,0] ] }, 
					bar: { backgroundColor: [ "rgba(20,220,220,.8)" , "rgba(220,120,120,.8)", "rgba(20,120,220,.8)" ]}, 
					pie: { backgroundColor: [ ["rgba(0,0,0,.8)" , "rgba(220,20,20,.8)", "rgba(20,220,20,.8)", "rgba(220,220,20,.8)", "rgba(20,20,220,.8)"] ]},
					radar: { borderColor: [ "rgba(20,220,220,.8)" , "rgba(220,120,120,.8)", "rgba(20,120,220,.8)" ]}, 
			},
			math: {
				mathjax: 'https://cdn.jsdelivr.net/gh/mathjax/mathjax@2.7.8/MathJax.js',
				config: 'TeX-AMS_HTML-full',
				// pass other options into `MathJax.Hub.Config()`
				TeX: { Macros: { RR: "{\\bf R}" } }
				},
				anything: [ 
				{
		className: "plot",
		defaults: {width:500, height: 500, grid:true},
		initialize: (function(container, options){ options.target = "#"+container.id; functionPlot(options) })
	 },
	 {
		className: "chart",  
		initialize: (function(container, options){ container.chart = new Chart(container.getContext("2d"), options);  })
	 },
	 {
		className: "anything",
		initialize: (function(container, options){ if (options && options.initialize) { options.initialize(container)} })
	 },
					],
			// Learn about plugins: https://revealjs.com/plugins/
			plugins: (window.location.search.match(/print-pdf/gi) ? printPlugins : plugins ) 
		});
			


	    // Change chalkboard theme : 
		function changeTheme(input) {
			var config = {};
			config.theme = input.value;
			Reveal.getPlugin("RevealChalkboard").configure(config);
			input.blur();
		}

		// // Handle the message inside the webview
        // window.addEventListener('message', event => {

        //     const message = event.data; // The JSON data our extension sent

        //     switch (message.command) {
        //         case 'refactor':
        //             Reveal.toggleHelp();
        //     }
        // });

		if (window.location.search.match(/print-pdf-now/gi)) {
      		setTimeout(() => {
				window.print();
			  }, 2500);
			
    }
		

	</script>

</body>

</html>